[170999] in North American Network Operators' Group
Re: DMARC -> CERT?
daemon@ATHENA.MIT.EDU (Scott Howard)
Mon Apr 14 18:22:09 2014
In-Reply-To: <CAGfsgR1VM-Be4dkos=ad8BK5ZMhvLQjPU=BcpPT6N+iZ3WBBNg@mail.gmail.com>
Date: Mon, 14 Apr 2014 15:21:40 -0700
From: Scott Howard <scott@doc.net.au>
To: Jim Popovitch <jimpop@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch <jimpop@gmail.com> wrote:
> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the
> last full week before the US tax filing deadline.
>
The change was made on the previous Friday, so that date is largely
irrelevant.
7-April: OpenSSL's *public* advisory (after a full week of private
> notifications, of which yahoo surely was one tech company in on the
> early notifications)
>
Given that many of their main services were vulnerable at the time of
public disclosure, I think that's a very large assumption to make...
If nothing else, I suspect the odds of it being known by the same people
that made the DMARC decision/changes is low.
Scott
